US8904541B2ActiveUtilityA1

Performing security assessments in an online services system

Assignee: SOBY BRIANPriority: Aug 26, 2010Filed: Aug 26, 2010Granted: Dec 2, 2014
Est. expiryAug 26, 2030(~4.1 yrs left)· nominal 20-yr term from priority
G06F 11/3698G06F 21/00G06F 11/3664G06F 11/3688G06F 21/577
67
PatentIndex Score
3
Cited by
138
References
17
Claims

Abstract

A system and method for performing security assessments in an online services system. In one embodiment, a method includes receiving an accepted security assessment agreement from a user, where the security assessment agreement is associated with a software application utilized in an online services system. The method also includes receiving configuration data associated with the software application; receiving scanning data associated with the software application; and sending the configuration data and scanning data to one or more security assessment systems.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A method for facilitating security assessments in an online services environment, the method comprising:
 receiving, in an online services system, from a third-party application provider, a software application for utilization in the online services system; 
 receiving, at a processor in the online services system from the third-party application provider, configuration data associated with a security assessment to be performed on the software application for utilization in the online services system, the configuration data comprising testing parameters for testing the software application and requirements for starting the security assessment on the software application; 
 determining, in the online services system, whether the configuration data is valid; 
 receiving, in the online services system from the third-party application provider, scanning data associated with the software application, the scanning data comprising access credentials for performing the security assessment on the software application; 
 sending, by the online services system, the configuration data and scanning data to one or more security assessment systems such that the one or more security assessment systems performs the security assessment of the software application in accordance with the configuration data and the scanning data; and 
 receiving the security assessment in the online services system from the one or more security assessment systems. 
 
     
     
       2. The method of  claim 1 , further comprising dynamically resolving data referenced in the software application during the security assessment to detect vulnerabilities associated therewith, and wherein the vulnerabilities associated with the data referenced in the software application includes at least one of a validation logic vulnerability and a data type vulnerability. 
     
     
       3. The method of  claim 1 , further comprising creating, in the online services system, a test environment for performing security assessments on the software application. 
     
     
       4. The method of  claim 1 , further comprising creating, in the online services system, a test environment for performing security assessments on the software application, wherein the test environment is based on the configuration data. 
     
     
       5. The method of  claim 1 , further comprising determining if the online services system communicates with an unauthorized computer system. 
     
     
       6. The method of  claim 1 , further comprising creating, in the online services system, a test environment for performing security assessments on the software application, wherein creating the test environment is conditioned upon receiving a security assessment agreement. 
     
     
       7. A non-transitory computer-readable storage medium having one or more instructions thereon for facilitating security assessments in an online services system, the instructions when executed by a processor causing the processor to:
 receive, in an online services system, from a third-party application provider, a software application for utilization in the online services system; 
 receive, at a processor in the online services system from the third-party application provider, configuration data associated with a security assessment to be performed on the software application for utilization in the online services system, the configuration data comprising testing parameters for testing the software application and requirements for starting the security assessment on the software application; 
 determine, in an online services system, whether the configuration data is valid; 
 receive, in the online services system from the third-party application provider, scanning data associated with the software application, the scanning data comprising access credentials for performing the security assessment on the software application; 
 send, by the online services system, the configuration data and scanning data to one or more security assessment systems such that the one or more security assessment systems performs the security assessment of the software application in accordance with the configuration data and the scanning data; and 
 receive the security assessment in the online services system from the one or more security assessment systems. 
 
     
     
       8. The computer-readable storage medium of  claim 7 , wherein the instructions further cause the processor to dynamically resolve data referenced in the software application during the security assessment to detect vulnerabilities associated therewith, and wherein the vulnerabilities associated with the data referenced in the software application includes at least one of a validation logic vulnerability and a data type vulnerability. 
     
     
       9. The computer-readable storage medium of  claim 7 , wherein the instructions further cause the processor to create, in the online services system, a test environment for performing security assessments on the software application. 
     
     
       10. The computer-readable storage medium of  claim 7 , wherein the instructions further cause the processor to create, in the online services system, a test environment for performing security assessments on the software application, wherein the test environment is based on the configuration data. 
     
     
       11. The computer-readable storage medium of  claim 7 , wherein the instructions further cause the processor to determine if the online services system communicates with an unauthorized computer system. 
     
     
       12. The computer-readable storage medium of  claim 7 , wherein the instructions further cause the processor to create, in the online services system, a test environment for performing security assessments on the software application, wherein creating the test environment is conditioned upon receiving a security assessment agreement. 
     
     
       13. An apparatus for facilitating security assessments in an online services system, the apparatus comprising:
 a processor; and 
 a storage device storing one or more stored sequences of instructions which when executed by the processor cause the processor to: 
 receive, in an online services system, from a third-party application provider, a software application for utilization in the online services system; 
 receive, at a processor in the online services system from the third-party application provider, configuration data associated with a security assessment to be performed on the software application for utilization in the online services system, the configuration data comprising testing parameters for testing the software application and requirements for starting the security assessment on the software application; 
 determine, in an online services system, whether the configuration data is valid; 
 receive in the online services system from the third-party application provider, scanning data associated with the software application, the scanning data comprising access credentials for performing the security assessment on the software application; and 
 send, by the online services system, the configuration data and scanning data to one or more security assessment systems such that the one or more security assessment systems performs the security assessment of the software application in accordance with the configuration data and the scanning data; and 
 receive the security assessment in the online services system from the one or more security assessment systems. 
 
     
     
       14. The apparatus of  claim 13 , wherein the instructions further cause the processor to dynamically resolve data referenced in the software application during the security assessment to detect vulnerabilities associated therewith, and wherein the vulnerabilities associated with the data referenced in the software application includes at least one of a validation logic vulnerability and a data type vulnerability. 
     
     
       15. The apparatus of  claim 13 , wherein the instructions further cause the processor to create, in the online services system, a test environment for performing security assessments on the software application. 
     
     
       16. The apparatus of  claim 13 , wherein the instructions further cause the processor to create, in the online services system, a test environment for performing security assessments on the software application, wherein the test environment is based on the configuration data. 
     
     
       17. The apparatus of  claim 13 , wherein the instructions further cause the processor to determine if the online services system communicates with an unauthorized computer system.

Join the waitlist — get patent alerts

Track US8904541B2 — get alerts on status changes and closely related new filings.

We store only your email — no account needed. See our privacy policy.